diff options
author | laforge <laforge> | 2005-02-09 16:42:54 +0000 |
---|---|---|
committer | laforge <laforge> | 2005-02-09 16:42:54 +0000 |
commit | bac170f20471177eb90818011acc3f235cd58a8f (patch) | |
tree | 3f1899a9f6cc20725d56589f222d7ef6eb7a5c16 /ulogd | |
parent | c781e3866950bf2c539b2f0bcd9ce422e038b82f (diff) |
fix buffer overflow in connect string generation
Diffstat (limited to 'ulogd')
-rw-r--r-- | ulogd/pgsql/ulogd_PGSQL.c | 22 |
1 files changed, 18 insertions, 4 deletions
diff --git a/ulogd/pgsql/ulogd_PGSQL.c b/ulogd/pgsql/ulogd_PGSQL.c index c2a3b71..e6b6f17 100644 --- a/ulogd/pgsql/ulogd_PGSQL.c +++ b/ulogd/pgsql/ulogd_PGSQL.c @@ -1,8 +1,8 @@ -/* ulogd_PGSQL.c, Version $Revision: 1.8 $ +/* ulogd_PGSQL.c, Version $Revision$ * * ulogd output plugin for logging to a PGSQL database * - * (C) 2000 by Harald Welte <laforge@gnumonks.org> + * (C) 2000-2005 by Harald Welte <laforge@gnumonks.org> * This software is distributed under the terms of GNU GPL * * This plugin is based on the MySQL plugin made by Harald Welte. @@ -305,7 +305,21 @@ static int exit_nicely(PGconn *conn) /* make connection and select database */ static int pgsql_open_db(char *server, char *user, char *pass, char *db) { - char connstr[80]; + int len; + char *connstr; + + /* 80 is more than what we need for the fixed parts below */ + len = 80 + strlen(user) + strlen(db); + + /* hostname and and password are the only optionals */ + if (server) + len += strlen(server); + if (pass) + len += strlen(pass); + + connstr = (char *) malloc(len); + if (!connstr) + return 1; if (server) { strcpy(connstr, " host="); @@ -334,7 +348,7 @@ static int pgsql_open_db(char *server, char *user, char *pass, char *db) static int pgsql_init(void) { /* have the opts parsed */ - config_parse_file("PGSQL", &table_ca); + config_parse_file("PGSQL", &table_ce); if (pgsql_open_db(host_ce.u.string, user_ce.u.string, pass_ce.u.string, db_ce.u.string)) { |